Reaching A+ in web GUI ssltest

Post your feature requests for OpenVPN Access Server here.
oibaf
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 14, 2015 4:20 pm

Reaching A+ in web GUI ssltest

Postby oibaf » Fri Aug 14, 2015 4:44 pm

Hi, it would be nice if the web frontend of openvpn-as could reach an A+ grade out of the box with the ssllabs ssltest:
https://www.ssllabs.com/ssltest/

- ssl2 support should be removed, also from the GUI;
- ssl3 should also be safely removed, the only browser requiring it is IE6 on WinXP; most web servers are disabling it: https://www.trustworthyinternet.org/ssl-pulse/
- also I get this: The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-
- finally HSTS should also be enabled.

With this it should be able to get A+: <- bosses like that stuff!

Note I am a paying customer, I bought 5-year 40-licences on 2015-03-17.

Thanks!

djengineer
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 05, 2015 7:52 pm

Re: Reaching A+ in web GUI ssltest

Postby djengineer » Sat Dec 05, 2015 4:21 pm

After upgrading to the latest version (2.0.21), setting the SSL Library to OpenSSL, setting minimum TLS protocol version to TLS 1.0, setting minimum SSL/TLS protocol version accepted by access server web server to TLS 1.0, checking support SSL/TLS renegotiation, I was able to get an A.

I also had to run this command on the server to remove the RC4 support in TLS:
./sacli -k cs.openssl_ciphersuites -v 'DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4:!kRSA' ConfigPut
./sacli start

Also, Chrome recognizes the cipher suite as a "modern cipher suite".
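
An added example (not part of the post above and not OpenVPN's own tooling): an offline check, using Python's standard `ssl` module, of what the cipher string quoted in the post expands to and whether any resulting suite lacks forward secrecy or uses RC4. It assumes the OpenSSL build linked into the local Python, which may differ from the library on the Access Server host.

```python
import ssl

# Cipher string quoted in the post above.
POSTED = "DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4:!kRSA"

# Key-exchange labels from SSLContext.get_ciphers() that provide forward secrecy.
# "kx-any" is how TLS 1.3 suites are reported; TLS 1.3 always uses ephemeral (EC)DHE.
FS_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local library."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """Sort the expanded suites by forward secrecy and flag any RC4 suites."""
    report = {"forward_secret": [], "no_forward_secrecy": [], "rc4": []}
    for suite in expand(cipher_string):
        name = suite["name"]
        kea = suite.get("kea", "unknown")  # unknown key exchange counts as non-FS
        key = "forward_secret" if kea in FS_KEA else "no_forward_secrecy"
        report[key].append(name)
        if "RC4" in name:
            report["rc4"].append(name)
    return report


if __name__ == "__main__":
    # Compare the posted string with the same string minus the !kRSA exclusion.
    variants = (("posted", POSTED),
                ("without !kRSA", POSTED.replace(":!kRSA", "")))
    for label, string in variants:
        r = audit(string)
        print(f"{label}: {len(r['forward_secret'])} forward-secret, "
              f"{len(r['no_forward_secrecy'])} without, {len(r['rc4'])} RC4")
        for name in r["no_forward_secrecy"]:
            print("   no FS:", name)
```

This only shows which suites the string permits; which suite a given browser actually negotiates still depends on the server's preference order and is what ssltest measures.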

oibaf
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 14, 2015 4:20 pm

Re: Reaching A+ in web GUI ssltest

Postby oibaf » Fri Dec 25, 2015 4:38 pm

I was also using those settings indeed, but I just get A-. And RC4 is already disabled by default since 2.0.17. It would be nice to get A+ by default anyway, since it can also be gotten easily.

Happy holidays to everyone! :D

oibaf
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 14, 2015 4:20 pm

Re: Reaching A+ in web GUI ssltest

Postby oibaf » Fri Dec 25, 2015 4:40 pm

Specifically I am getting this:

The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-. MORE INFO »

oibaf
OpenVpn Newbie
Posts: 4
Joined: Fri Aug 14, 2015 4:20 pm

Re: Reaching A+ in web GUI ssltest

Postby oibaf » Thu Jan 07, 2016 8:52 am

Still getting A- after upgrade to 2.0.24.

